Our vulnerability scanner (Saint-based) is claiming that a large number of devices and servers are susceptible to the SSL/TLS renegotiation flaw (CVE-2009-3555). Most of these servers and devices are ...

In the past I have gone through a server hardening checklist on a Windows Server 2008 web server for PCI compliance. Basically there are a lot of Group Policy, Registry, and other settings that need ...

During a recent audit we were requested to install antivirus software on our DNS servers that are running Linux (bind9). The servers were not compromised during the penetration testing but this was ...

I've run a third-party PCI scan recently on my website, and my main domain cleared 100%.
The IP address, however, came up with some strange errors. It was claiming we were vulnerable to XSS attacks ...

I am running an Apache Server version 2.22, which is up to date, but the PCI compliance report shows an error message saying the Apache version is obsolete and must be upgraded to the latest version.
I am ...

Looking for a bit of advice please. We've been battling with a PCI compliance project for the last couple of days and we've managed to eliminate most of the security warnings. What we're left with now is ...

I am just wondering if anyone knows of any reason why using psexec would cause the failure of a PCI DSS audit.
I have never been able to find information, though have always been told that it can't ...

I have questions regarding the PCI DSS requirements for quarterly external vulnerability scans by an ASV, specifically what public IPs I need to include in these scans.
The organization is a retail ...

I'm trying to get PCI compliant and the PCI scanning company is flagging our Ubuntu 12.04.3 (PHP 5.3.10-1ubuntu3.8) for CVE-2013-1635 [1] which says "we do not support the use of open_basedir". What ...

Using Stripe to process credit card payments and storing client payments and information in a MySQL database. Only storing the ID of the transaction and the client ID. Stripe takes on a majority of ...

I have updated my ssl.conf file on my Apache2 configuration to use the following SSLCipherSuite
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM:!ADH
However the PCI scan seems to detect that WEAK ...

We run Ubuntu Lucid 10.0.4 as the foundation of our LAMP environment. We are trying to become PCI compliant so that we can pass CC info through our server. We have run some third-party scans on our ...

We need to stop using (insecure) SSL renegotiation for a series of e-commerce sites we provide due to PCI regulations.
Does anyone know of the implications of doing so assuming that we don't enable ...

Recently a PCI scan was run against a web server and the result was a failure. Some of the issues could be fixed, however others simply make no sense to me.
The machine was a clean install, there are ...

Due to PCI-DSS, we are required to disable plaintext authentication. We've achieved this by encapsulating communications between our mail server and clients with TLS on port 465.
The problem lies in ...

I'm hoping to find a piece of software to assist me in catching PCI compliance failures in advance of the actual ASV scans. I would much prefer to run the scans against myself before I request another ...

So the setup for our website is 4 nodes running rails 3 and nginx 1 that all use the same GoDaddy certificate. Because we are a paid site, we have to maintain PCI-DSS compliance and thus have to use ...